Core Landing Zone With Hub/Spoke DRG-Only Topology Template

This template shows how to deploy a CIS-compliant landing zone using the OCI Core Landing Zone configuration.

It deploys one DRG (Dynamic Routing Gateway) and three three-tier VCNs, which are peered through the DRG. The DRG is configured to route traffic across all VCNs.

Please see the other templates available for CIS-compliant landing zones with custom configurations.

Default Values

This template has the following parameters set:

| Variable Name | Description | Value |
|---|---|---|
| service_label | A unique identifier to prefix the resources | drghs |
| define_net | Check to define networking resources. By default, the Landing Zone does NOT deploy any networks. | true |
| hub_deployment_option | The hub deployment option. In this case, a DRG is deployed to act as the hub in the Hub/Spoke topology. | "VCN or on-premises connectivity routing via DRG (DRG will be created)" |
| add_tt_vcn1 | When true, deploys three-tier VCN 1, with three subnets: web (public by default), application (private) and database (private). An optional subnet (private by default) for bastion deployment is also available | true |
| tt_vcn1_cidrs | Three-tier VCN 1 CIDR blocks. | ["192.168.0.0/24"] |
| tt_vcn1_attach_to_drg | When true, attaches three-tier VCN 1 to the DRG | true |
| add_tt_vcn2 | When true, deploys three-tier VCN 2, with three subnets: web (public by default), application (private) and database (private). An optional subnet (private by default) for bastion deployment is also available | true |
| tt_vcn2_cidrs | Three-tier VCN 2 CIDR blocks. | ["192.168.1.0/24"] |
| tt_vcn2_attach_to_drg | When true, attaches three-tier VCN 2 to the DRG | true |
| add_tt_vcn3 | Adds three-tier VCN 3, with three subnets: web (public by default), application (private) and database (private). An optional subnet (private by default) for bastion deployment is also available | true |
| tt_vcn3_cidrs | Three-tier VCN 3 CIDR blocks. | ["192.168.2.0/24"] |
| tt_vcn3_attach_to_drg | When true, attaches three-tier VCN 3 to the DRG | true |
| network_admin_email_endpoints | List of email addresses that receive notifications for networking related events. | ["[email protected]"] |
| security_admin_email_endpoints | List of email addresses that receive notifications for security related events. | ["[email protected]"] |
| enable_cloud_guard | When true, OCI Cloud Guard Service is enabled. Set to false if it's been already enabled through other means. | true |

For a detailed description of all variables that can be used, see the Variables documentation.

This template can be deployed using the OCI Resource Manager Service (RMS) or the Terraform CLI:

OCI RMS Deployment

By clicking the button below, you are redirected to an OCI RMS Stack with variables pre-assigned for deployment.

Deploy_To_OCI

You are required to review/adjust the following variable settings:

  • Make sure to pick an OCI region for deployment.
  • Provide real email addresses for Network Admin Email Endpoints and Security Admin Email Endpoints fields.
  • Uncheck the Enable Cloud Guard Service option if Cloud Guard is already enabled in your tenancy.

With the stack created, perform a Plan, followed by an Apply using the RMS UI.

Terraform CLI Deployment

  1. Rename file main.tf.template to main.tf.
  2. Provide/review the variable assignments in main.tf.
  3. In this folder, execute the typical Terraform workflow:
    • $ terraform init
    • $ terraform plan
    • $ terraform apply
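
A pre-flight check for the variable assignments reviewed in step 2, added here as an example and not part of the template's own code. It takes the assignments as a Python dict keyed by the variable names from the table above; the placeholder-domain list and the sample values are assumptions constructed for illustration. It flags overlapping CIDRs among the VCNs attached to the DRG, since peered VCNs need distinct address ranges, and notification endpoints that are still placeholders.

```python
import ipaddress
import re

# Assumption: domains treated as "not real" for notification endpoints.
PLACEHOLDER_DOMAINS = {"example.com", "example.org", "example.net"}
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")

def preflight(cfg):
    """Return a list of findings for the template's variable assignments."""
    findings = []
    # Collect CIDRs of every three-tier VCN that is deployed and attached to the DRG.
    attached = []
    for n in (1, 2, 3):
        if cfg.get(f"add_tt_vcn{n}") and cfg.get(f"tt_vcn{n}_attach_to_drg"):
            for cidr in cfg.get(f"tt_vcn{n}_cidrs", []):
                attached.append((f"tt_vcn{n}_cidrs", ipaddress.ip_network(cidr)))
    # VCNs peered through one DRG need distinct address ranges.
    for i, (name_a, net_a) in enumerate(attached):
        for name_b, net_b in attached[i + 1:]:
            if net_a.overlaps(net_b):
                findings.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    # Notification endpoints must be deliverable addresses, not placeholders.
    for var in ("network_admin_email_endpoints", "security_admin_email_endpoints"):
        emails = cfg.get(var, [])
        if not emails:
            findings.append(f"{var} is empty")
        for email in emails:
            m = EMAIL_RE.match(email)
            if not m or m.group(1).lower() in PLACEHOLDER_DOMAINS:
                findings.append(f"{var}: '{email}' is not a real address")
    return findings

# Constructed sample: the template defaults with VCN 3 mistyped to overlap VCN 1
# and one placeholder address left in place.
SAMPLE = {
    "add_tt_vcn1": True, "tt_vcn1_cidrs": ["192.168.0.0/24"], "tt_vcn1_attach_to_drg": True,
    "add_tt_vcn2": True, "tt_vcn2_cidrs": ["192.168.1.0/24"], "tt_vcn2_attach_to_drg": True,
    "add_tt_vcn3": True, "tt_vcn3_cidrs": ["192.168.0.128/25"], "tt_vcn3_attach_to_drg": True,
    "network_admin_email_endpoints": ["netops@corp.example.io"],
    "security_admin_email_endpoints": ["admin@example.com"],
}

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print("FINDING:", finding)
```

Run it before `terraform plan`; an empty result means the CIDR and email assignments passed both checks.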